Mercurial > dropbear

comparison svr-x11fwd.c @ 10:0f7d69d31b9d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- renaming x11fwd.c to svr-x11fwd.c, to testing monotone
author Matt Johnston <matt@ucc.asn.au>
date Thu, 03 Jun 2004 17:15:02 +0000
parents
children 7a37cff27258
comparison
equal deleted inserted replaced
9:7f77962de998 10:0f7d69d31b9d
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #include "includes.h"
26
27 #ifndef DISABLE_X11FWD
28 #include "x11fwd.h"
29 #include "session.h"
30 #include "ssh.h"
31 #include "dbutil.h"
32 #include "chansession.h"
33 #include "channel.h"
34 #include "packet.h"
35 #include "buffer.h"
36
37 #define X11BASEPORT 6000
38 #define X11BINDBASE 6010
39
40 static void x11accept(struct Listener* listener);
41 static void x11cleanup(struct Listener *listener);
42 static int bindport(int fd);
43 static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr);
44
45 /* called as a request for a session channel, sets up listening X11 */
46 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
47 int x11req(struct ChanSess * chansess) {
48
49 int fd;
50
51 /* we already have an x11 connection */
52 if (chansess->x11listener != NULL) {
53 return DROPBEAR_FAILURE;
54 }
55
56 chansess->x11singleconn = buf_getbyte(ses.payload);
57 chansess->x11authprot = buf_getstring(ses.payload, NULL);
58 chansess->x11authcookie = buf_getstring(ses.payload, NULL);
59 chansess->x11screennum = buf_getint(ses.payload);
60
61 /* create listening socket */
62 fd = socket(PF_INET, SOCK_STREAM, 0);
63 if (fd < 0) {
64 goto fail;
65 }
66
67 /* allocate port and bind */
68 chansess->x11port = bindport(fd);
69 if (chansess->x11port < 0) {
70 goto fail;
71 }
72
73 /* listen */
74 if (listen(fd, 20) < 0) {
75 goto fail;
76 }
77
78 /* set non-blocking */
79 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
80 goto fail;
81 }
82
83 /* listener code will handle the socket now.
84 * No cleanup handler needed, since listener_remove only happens
85 * from our cleanup anyway */
86 chansess->x11listener = new_listener( fd, 0, chansess, x11accept, NULL);
87 if (chansess->x11listener == NULL) {
88 goto fail;
89 }
90
91 return DROPBEAR_SUCCESS;
92
93 fail:
94 /* cleanup */
95 m_free(chansess->x11authprot);
96 m_free(chansess->x11authcookie);
97 close(fd);
98
99 return DROPBEAR_FAILURE;
100 }
101
102 /* accepts a new X11 socket */
103 /* returns DROPBEAR_FAILURE or DROPBEAR_SUCCESS */
104 static void x11accept(struct Listener* listener) {
105
106 int fd;
107 struct sockaddr_in addr;
108 int len;
109 int ret;
110
111 len = sizeof(addr);
112
113 fd = accept(listener->sock, (struct sockaddr*)&addr, &len);
114 if (fd < 0) {
115 return;
116 }
117
118 /* if single-connection we close it up */
119 if (((struct ChanSess *)(listener->typedata))->x11singleconn) {
120 x11cleanup(listener);
121 }
122
123 ret = send_msg_channel_open_x11(fd, &addr);
124 if (ret == DROPBEAR_FAILURE) {
125 close(fd);
126 }
127 }
128
129 /* This is called after switching to the user, and sets up the xauth
130 * and environment variables. */
131 void x11setauth(struct ChanSess *chansess) {
132
133 char display[20]; /* space for "localhost:12345.123" */
134 FILE * authprog;
135 int val;
136
137 if (chansess->x11listener == NULL) {
138 return;
139 }
140
141 /* create the DISPLAY string */
142 val = snprintf(display, sizeof(display), "localhost:%d.%d",
143 chansess->x11port - X11BASEPORT, chansess->x11screennum);
144 if (val < 0 || val >= (int)sizeof(display)) {
145 /* string was truncated */
146 return;
147 }
148
149 addnewvar("DISPLAY", display);
150
151 /* create the xauth string */
152 val = snprintf(display, sizeof(display), "unix:%d.%d",
153 chansess->x11port - X11BASEPORT, chansess->x11screennum);
154 if (val < 0 || val >= (int)sizeof(display)) {
155 /* string was truncated */
156 return;
157 }
158
159 /* popen is a nice function - code is strongly based on OpenSSH's */
160 authprog = popen(XAUTH_COMMAND, "w");
161 if (authprog) {
162 fprintf(authprog, "add %s %s %s\n",
163 display, chansess->x11authprot, chansess->x11authcookie);
164 pclose(authprog);
165 } else {
166 fprintf(stderr, "Failed to run %s\n", XAUTH_COMMAND);
167 }
168 }
169
170 static void x11cleanup(struct Listener *listener) {
171
172 struct ChanSess *chansess = (struct ChanSess*)listener->typedata;
173
174 m_free(chansess->x11authprot);
175 m_free(chansess->x11authcookie);
176 remove_listener(listener);
177 chansess->x11listener = NULL;
178 }
179
180 static const struct ChanType chan_x11 = {
181 0, /* sepfds */
182 "x11",
183 NULL, /* inithandler */
184 NULL, /* checkclose */
185 NULL, /* reqhandler */
186 NULL /* closehandler */
187 };
188
189
190 static int send_msg_channel_open_x11(int fd, struct sockaddr_in* addr) {
191
192 char* ipstring;
193
194 if (send_msg_channel_open_init(fd, &chan_x11) == DROPBEAR_SUCCESS) {
195 ipstring = inet_ntoa(addr->sin_addr);
196 buf_putstring(ses.writepayload, ipstring, strlen(ipstring));
197 buf_putint(ses.writepayload, addr->sin_port);
198
199 encrypt_packet();
200 return DROPBEAR_SUCCESS;
201 } else {
202 return DROPBEAR_FAILURE;
203 }
204
205 }
206
207 /* returns the port bound to, or -1 on failure.
208 * Will attempt to bind to a port X11BINDBASE (6010 usually) or upwards */
209 static int bindport(int fd) {
210
211 struct sockaddr_in addr;
212 uint16_t port;
213
214 memset((void*)&addr, 0x0, sizeof(addr));
215 addr.sin_family = AF_INET;
216 addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
217
218 /* if we can't find one in 2000 ports free, something's wrong */
219 for (port = X11BINDBASE; port < X11BINDBASE + 2000; port++) {
220 addr.sin_port = htons(port);
221 if (bind(fd, (struct sockaddr*)&addr,
222 sizeof(struct sockaddr_in)) == 0) {
223 /* success */
224 return port;
225 }
226 if (errno == EADDRINUSE) {
227 /* try the next port */
228 continue;
229 }
230 /* otherwise it was an error we don't know about */
231 dropbear_log(LOG_DEBUG, "failed to bind x11 socket");
232 break;
233 }
234 return -1;
235 }
236 #endif /* DROPBEAR_X11FWD */